Canadian enterprises and governments should adopt a just-released American government framework for tightening IT security of critical infrastructure, says a security consultant.

“I don’t think we should re-invent the wheel,” Kevvie Fowler, a partner in forensic advisory services at KPMG Canada, said of the guidelines released this week by the U.S. National Institute of Standards and Technology (NIST). “If you look at what has been done, it already leverages concepts from internationally-adopted standards like ISO 27001/2 and a few others.”

In 2010 the Harper government announced a national strategy to better protect critical infrastructure, which called for the public and private sectors to work together on addressing risks. But two years later the Auditor General released a report complaining that the strategy still didn’t have an action plan. That plan has since been completed.

Public Safety Canada has released a guideline of best practices for incident response. However, Fowler said the NIST document goes further.

Meanwhile, as part of its effort to work on an infrastructure security plan the Canadian government is holding an invitation-only conference in New York at the end of the month.

Called the Framework for Improving Critical Infrastructure Cybersecurity, the NIST document is meant to help organizations, regulators and consumers create or improve cybersecurity programs.

The document provides a common language for addressing and managing cyber risk in a cost-effective way based on business needs, without placing additional regulatory requirements on businesses, NIST says.

“The framework provides a consensus description of what’s needed for a comprehensive cybersecurity program,” Under Secretary of Commerce for Standards and Technology and NIST director Patrick Gallagher said in a statement. “It reflects the efforts of a broad range of industries that see the value of and need for improving cybersecurity and lowering risk. It will help companies prove to themselves and their stakeholders that good cybersecurity is good business.”